2 Replies Latest reply on May 8, 2012 12:49 PM by user279104

    People Connections - message wall vulnerable to JavaScript injection


      I am developing Webcenter Portal application with Webcenter

      We use the People Connections message wall taskflow and noticed that it doesn't filter user input against script injection. For example, one can enter < script > alert('something'); < /script > and click publish. The next time the message wall is displayed, this alert window will appear. This is an obvious security flaw; is there any way to avoid it?

      As far as I know, we can only customize the visualization, not the implementation, of Webcenter taskflows?
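
The behaviour described in the post above is what happens when stored message text is written into the page without HTML encoding. As an added example (not part of the original post and not WebCenter code; the function names and sample messages are constructed for illustration), this JavaScript sketch renders the same stored messages with and without output encoding:

```javascript
// Added example: escapeHtml, renderWallUnsafe and renderWallEncoded are
// hypothetical names, not WebCenter or ADF APIs.

// Characters that are significant in HTML text and attribute contexts.
const HTML_ESCAPES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#39;',
};

// Encode a value for safe insertion into HTML element content.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Constructed sample of stored wall messages, including the one from the post.
const storedMessages = [
  { author: 'alice', text: 'Lunch at 12?' },
  { author: 'bob', text: "<script>alert('something');</script>" },
  { author: 'carol', text: 'Tom & Jerry <3' },
];

// Behaviour described in the post: stored text goes into the markup as-is,
// so the browser parses the message as a script element.
function renderWallUnsafe(messages) {
  return messages
    .map((m) => `<li><b>${m.author}</b>: ${m.text}</li>`)
    .join('\n');
}

// Hardened form: every user-supplied field is encoded at output time, so
// messages that were already stored are displayed as literal text.
function renderWallEncoded(messages) {
  return messages
    .map((m) => `<li><b>${escapeHtml(m.author)}</b>: ${escapeHtml(m.text)}</li>`)
    .join('\n');
}

console.log(renderWallUnsafe(storedMessages));
console.log(renderWallEncoded(storedMessages));
```

Encoding at render time also covers messages that were saved before any input filter was put in place.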